From patchwork Wed Oct 22 11:32:03 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Wang Nan <wangnan0@huawei.com>
X-Patchwork-Id: 39274
Return-Path: <patchwork-forward+bncBD2YXXXCQEBBB2NMT2RAKGQENB5XYVQ@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-wi0-f198.google.com (mail-wi0-f198.google.com
 [209.85.212.198])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 0F14820341
 for <linaro@patches.linaro.org>; Wed, 22 Oct 2014 11:35:05 +0000 (UTC)
Received: by mail-wi0-f198.google.com with SMTP id n3sf263716wiv.1
 for <linaro@patches.linaro.org>; Wed, 22 Oct 2014 04:35:05 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:delivered-to:from:to:cc:subject:date:message-id
 :in-reply-to:references:mime-version:sender:precedence:list-id
 :x-original-sender:x-original-authentication-results:mailing-list
 :list-post:list-help:list-archive:list-unsubscribe:content-type;
 bh=ffAHyGIlO4XJLeGacqwdyts314OUiTKqOyuFFJv3ri4=;
 b=fho5Eg3PuWrKfnvwt17Gs5ycQo4EL1fDurTOPLVLUf42MmzFxIKRKPib+QISFSXfPE
 N7iJejgSwaP7ibUKrlY3BoMvs86qfZwpwoBuL0XoeLujxI6jS8BW82SLxfPuZVwCw/r0
 aj4117evN33glfiD40uGQLdisAcb0xMDvZUY7olHcUdHxAyhQ5MX3Wca0SqU9TvQ4bDO
 FkNBtFy3pHs1kWPFTaG1TvmEC646AjP9kIrTwC2nfJmJMnSJuEla9o1yzuwMA9raVnn5
 jb3pRrMt/Nm8GO5HRcv8GgHfhTJhf/Kw4DetL2RhPWMnri9vYY0thMYrMPi8xP72Eow0
 Hv+Q==
X-Gm-Message-State: ALoCoQkAUP41NS9bei2nUzSp8PdEufMAjTDln7FNL45951R6BwVTQ4KHMxvKccdeTpGPbxBwR+Vk
X-Received: by 10.112.147.131 with SMTP id tk3mr6453700lbb.2.1413977705123; 
 Wed, 22 Oct 2014 04:35:05 -0700 (PDT)
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.152.21.200 with SMTP id x8ls85707lae.76.gmail; Wed, 22 Oct
 2014 04:35:04 -0700 (PDT)
X-Received: by 10.152.234.36 with SMTP id ub4mr41584668lac.25.1413977704957; 
 Wed, 22 Oct 2014 04:35:04 -0700 (PDT)
Received: from mail-la0-f41.google.com (mail-la0-f41.google.com.
 [209.85.215.41]) by mx.google.com with ESMTPS id
 h3si10588783laa.106.2014.10.22.04.35.04
 for <patchwork-forward@linaro.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Wed, 22 Oct 2014 04:35:04 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.215.41 as permitted sender) client-ip=209.85.215.41; 
Received: by mail-la0-f41.google.com with SMTP id pn19so2697737lab.14
 for <patchwork-forward@linaro.org>;
 Wed, 22 Oct 2014 04:35:04 -0700 (PDT)
X-Received: by 10.112.14.69 with SMTP id n5mr212806lbc.34.1413977704823;
 Wed, 22 Oct 2014 04:35:04 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patch@linaro.org
Received: by 10.112.84.229 with SMTP id c5csp53458lbz;
 Wed, 22 Oct 2014 04:35:04 -0700 (PDT)
X-Received: by 10.68.177.164 with SMTP id cr4mr9118792pbc.142.1413977703253; 
 Wed, 22 Oct 2014 04:35:03 -0700 (PDT)
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id hx2si14046541pbc.9.2014.10.22.04.35.01
 for <multiple recipients>; Wed, 22 Oct 2014 04:35:03 -0700 (PDT)
Received-SPF: none (google.com: linux-kernel-owner@vger.kernel.org does not
 designate permitted sender hosts) client-ip=209.132.180.67; 
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S933269AbaJVLe5 (ORCPT <rfc822;ankit.jindal@linaro.org>
 + 27 others); Wed, 22 Oct 2014 07:34:57 -0400
Received: from szxga02-in.huawei.com ([119.145.14.65]:25517 "EHLO
 szxga02-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
 with ESMTP id S933013AbaJVLeG (ORCPT
 <rfc822;linux-kernel@vger.kernel.org>);
 Wed, 22 Oct 2014 07:34:06 -0400
Received: from 172.24.2.119 (EHLO lggeml425-hub.china.huawei.com)
 ([172.24.2.119])
 by szxrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued)
 with ESMTP id CBC48756; Wed, 22 Oct 2014 19:33:48 +0800 (CST)
Received: from kernel-host.huawei (10.107.197.247) by
 lggeml425-hub.china.huawei.com (10.72.61.35) with Microsoft SMTP
 Server id 14.3.158.1; Wed, 22 Oct 2014 19:33:39 +0800
From: Wang Nan <wangnan0@huawei.com>
To: <tixy@linaro.org>, <masami.hiramatsu.pt@hitachi.com>,
 <linux@arm.linux.org.uk>, <will.deacon@arm.com>,
 <dave.long@linaro.org>, <taras.kondratiuk@linaro.org>,
 Ben Dooks <ben.dooks@codethink.co.uk>,
 Christoph Lameter <cl@linux.com>, Rabin Vincent <rabin@rab.in>,
 "David S. Miller" <davem@davemloft.net>
CC: <linux-kernel@vger.kernel.org>, <linux-arm-kernel@lists.infradead.org>,
 "Li Zefan" <lizefan@huawei.com>
Subject: [PATCH v6 5/7] ARM: kprobes: disallow probing stack consuming
 instructions
Date: Wed, 22 Oct 2014 19:32:03 +0800
Message-ID: <1413977525-51480-6-git-send-email-wangnan0@huawei.com>
X-Mailer: git-send-email 1.8.4
In-Reply-To: <1413977525-51480-1-git-send-email-wangnan0@huawei.com>
References: <1413977525-51480-1-git-send-email-wangnan0@huawei.com>
MIME-Version: 1.0
X-Originating-IP: [10.107.197.247]
X-CFilter-Loop: Reflected
Sender: linux-kernel-owner@vger.kernel.org
Precedence: list
List-ID: <patchwork-forward.linaro.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: wangnan0@huawei.com
X-Original-Authentication-Results: mx.google.com; spf=pass (google.com:
 domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.215.41 as permitted sender)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
X-Google-Group-Id: 836684582541
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Unsubscribe: <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>, 
 <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>

This patch prohibit probing instructions for which the stack
requirement are unable to be determined statically. Some test cases
are found not work again after the modification, this patch also
removes them.

Signed-off-by: Wang Nan <wangnan0@huawei.com>
---
 arch/arm/kernel/kprobes-test-arm.c | 16 ++++++++++------
 arch/arm/kernel/kprobes.c          |  8 ++++++++
 2 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/arch/arm/kernel/kprobes-test-arm.c b/arch/arm/kernel/kprobes-test-arm.c
index 264c064..59f9b25 100644
--- a/arch/arm/kernel/kprobes-test-arm.c
+++ b/arch/arm/kernel/kprobes-test-arm.c
@@ -476,7 +476,8 @@ void kprobe_arm_test_cases(void)
 	TEST_GROUP("Extra load/store instructions")
 
 	TEST_RPR(  "strh	r",0, VAL1,", [r",1, 48,", -r",2, 24,"]")
-	TEST_RPR(  "streqh	r",14,VAL2,", [r",13,0, ", r",12, 48,"]")
+	TEST_RPR(  "streqh	r",14,VAL2,", [r",11,0, ", r",12, 48,"]")
+	TEST_UNSUPPORTED(  "streqh	r14, [r13, r12]")
 	TEST_RPR(  "strh	r",1, VAL1,", [r",2, 24,", r",3,  48,"]!")
 	TEST_RPR(  "strneh	r",12,VAL2,", [r",11,48,", -r",10,24,"]!")
 	TEST_RPR(  "strh	r",2, VAL1,", [r",3, 24,"], r",4, 48,"")
@@ -565,7 +566,8 @@ void kprobe_arm_test_cases(void)
 
 #if __LINUX_ARM_ARCH__ >= 5
 	TEST_RPR(  "strd	r",0, VAL1,", [r",1, 48,", -r",2,24,"]")
-	TEST_RPR(  "strccd	r",8, VAL2,", [r",13,0, ", r",12,48,"]")
+	TEST_RPR(  "strccd	r",8, VAL2,", [r",11,0, ", r",12,48,"]")
+	TEST_UNSUPPORTED(  "strccd r8, [r13, r12]")
 	TEST_RPR(  "strd	r",4, VAL1,", [r",2, 24,", r",3, 48,"]!")
 	TEST_RPR(  "strcsd	r",12,VAL2,", [r",11,48,", -r",10,24,"]!")
 	TEST_RPR(  "strd	r",2, VAL1,", [r",5, 24,"], r",4,48,"")
@@ -639,13 +641,15 @@ void kprobe_arm_test_cases(void)
 	TEST_RP( "str"byte"	r",2, VAL1,", [r",3, 24,"], #48")		\
 	TEST_RP( "str"byte"	r",10,VAL2,", [r",9, 64,"], #-48")		\
 	TEST_RPR("str"byte"	r",0, VAL1,", [r",1, 48,", -r",2, 24,"]")	\
-	TEST_RPR("str"byte"	r",14,VAL2,", [r",13,0, ", r",12, 48,"]")	\
+	TEST_RPR("str"byte"	r",14,VAL2,", [r",11,0, ", r",12, 48,"]")	\
+	TEST_UNSUPPORTED("str"byte" r14, [r13, r12]")	\
 	TEST_RPR("str"byte"	r",1, VAL1,", [r",2, 24,", r",3,  48,"]!")	\
 	TEST_RPR("str"byte"	r",12,VAL2,", [r",11,48,", -r",10,24,"]!")	\
 	TEST_RPR("str"byte"	r",2, VAL1,", [r",3, 24,"], r",4, 48,"")	\
 	TEST_RPR("str"byte"	r",10,VAL2,", [r",9, 48,"], -r",11,24,"")	\
 	TEST_RPR("str"byte"	r",0, VAL1,", [r",1, 24,", r",2,  32,", asl #1]")\
-	TEST_RPR("str"byte"	r",14,VAL2,", [r",13,0, ", r",12, 32,", lsr #2]")\
+	TEST_RPR("str"byte"	r",14,VAL2,", [r",11,0, ", r",12, 32,", lsr #2]")\
+	TEST_UNSUPPORTED("str"byte"	r14, [r13, r12, lsr #2]")\
 	TEST_RPR("str"byte"	r",1, VAL1,", [r",2, 24,", r",3,  32,", asr #3]!")\
 	TEST_RPR("str"byte"	r",12,VAL2,", [r",11,24,", r",10, 4,", ror #31]!")\
 	TEST_P(  "ldr"byte"	r0, [r",0,  24,", #-2]")			\
@@ -669,12 +673,12 @@ void kprobe_arm_test_cases(void)
 
 	LOAD_STORE("")
 	TEST_P(   "str	pc, [r",0,0,", #15*4]")
-	TEST_R(   "str	pc, [sp, r",2,15*4,"]")
+	TEST_UNSUPPORTED(   "str	pc, [sp, r2]")
 	TEST_BF(  "ldr	pc, [sp, #15*4]")
 	TEST_BF_R("ldr	pc, [sp, r",2,15*4,"]")
 
 	TEST_P(   "str	sp, [r",0,0,", #13*4]")
-	TEST_R(   "str	sp, [sp, r",2,13*4,"]")
+	TEST_UNSUPPORTED(   "str	sp, [sp, r2]")
 	TEST_BF(  "ldr	sp, [sp, #13*4]")
 	TEST_BF_R("ldr	sp, [sp, r",2,13*4,"]")
 
diff --git a/arch/arm/kernel/kprobes.c b/arch/arm/kernel/kprobes.c
index 028159c..afbb3e5 100644
--- a/arch/arm/kernel/kprobes.c
+++ b/arch/arm/kernel/kprobes.c
@@ -111,6 +111,14 @@ int __kprobes arch_prepare_kprobe(struct kprobe *p)
 		break;
 	}
 
+	/*
+	 * Unable to instrument insn like 'str r0, [sp, +/-r1]'.
+	 * __und_svc protects 64 bytes stack, so instrumenting insn
+	 * likes 'str r0, [sp, #-68]' should be prohibited.
+	 */
+	if ((p->ainsn.stack_space < 0) || (p->ainsn.stack_space > 64))
+		return -EINVAL;
+
 	return 0;
 }